Shibboleth Developer's Meeting, Dec 12, 2014

Brent

Daniel

Ian

Marvin

Rod

• Jetty Logging
• Reviewing cases
• Questions:
  • How are we doing Open Case "end game"
  • How are we doing documentation
• Open Cases for review:
  • IDP-101  we provide the logo and the IdP Name.  Some people have the logo in their name and think the duplication is wrong.  Remove name is logo absent?
  • IDP-331 What does an attriute filter do if there is no Metadata (FAIL or FALSE)
  • IDP-451 Filter names, reference, logging the ID.  (1) Do we need more code (2) What is the plan.

Scott

• Finding additional message handlers and actions with message type constraints - we don't typically want these
• Added Spring wiring for a filter that can add EntityAttributes to metadata based on entityID or on a condition bean
• Added a WARN log
• Added an MDC filter to web.xml to add IP address and JSESSIONID to MDC - TBD, add IdP session ID somewhere, maybe inside webflows
• Changed conditional signing/encrypt rule for port 443 per note lo list
• Working on security config cleanup and scenarios
  • Added a simpler factory bean for the 99% case credential type (key and cert in resources)
  • Consolidated whitelists and blacklists into new conf, shared across metadata and RP services
  • Still working out best ways to simplify common RP override tasks like credentials or algorithms

Tom

Still working on limiting client-side consent storage, dealing with some ugliness in the code.

Other